Re: [Owasp-modsecurity-core-rule-set] is there any tool to analyse apache access logs against CRS?
If you have nothing else than the access log try lorg with phpids, or replay the access log to a local apache with crs and a rewrite rule to reply 200ok and look at the error log for the interesting stuff as Christian said Good luck! Sent from my iPhone > On 31 Jan 2019, at 14:06, Christian Folini > wrote: > > Hi there, > > The information you are looking for is not in the access log, but in the > error or the audit log. > > I you look through my tutorials at https://netnea.com, you will find a few > techniques and scripts that help you with the task at hand. > > Otherwise, the JWall Audit Console does a pretty good job extracting this > information. > > Best, > > Christian > >> On Thu, Jan 31, 2019 at 04:59:14PM +0530, Shrinivasan T wrote: >> Hello CRS Team, >> >> Thanks for the great works. >> >> I am looking for a tool to analyse my apache access logs against CRS to get >> report on any XSS/CSRF/etc issues. >> >> Is there any tool to do this? >> >> Thanks. >> >> -- >> Regards, >> T.Shrinivasan >> >> >> My Life with GNU/Linux : http://goinggnu.wordpress.com >> Free E-Magazine on Free Open Source Software in Tamil : http://kaniyam.com >> >> Get Free Tamil Ebooks for Android, iOS, Kindle, Computer : >> http://FreeTamilEbooks.com > >> ___ >> Owasp-modsecurity-core-rule-set mailing list >> Owasp-modsecurity-core-rule-set@lists.owasp.org >> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > > ___ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set ___ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
Re: [Owasp-modsecurity-core-rule-set] is there any tool to analyse apache access logs against CRS?
Hi there, The information you are looking for is not in the access log, but in the error or the audit log. I you look through my tutorials at https://netnea.com, you will find a few techniques and scripts that help you with the task at hand. Otherwise, the JWall Audit Console does a pretty good job extracting this information. Best, Christian On Thu, Jan 31, 2019 at 04:59:14PM +0530, Shrinivasan T wrote: > Hello CRS Team, > > Thanks for the great works. > > I am looking for a tool to analyse my apache access logs against CRS to get > report on any XSS/CSRF/etc issues. > > Is there any tool to do this? > > Thanks. > > -- > Regards, > T.Shrinivasan > > > My Life with GNU/Linux : http://goinggnu.wordpress.com > Free E-Magazine on Free Open Source Software in Tamil : http://kaniyam.com > > Get Free Tamil Ebooks for Android, iOS, Kindle, Computer : > http://FreeTamilEbooks.com > ___ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set ___ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
[Owasp-modsecurity-core-rule-set] is there any tool to analyse apache access logs against CRS?
Hello CRS Team, Thanks for the great works. I am looking for a tool to analyse my apache access logs against CRS to get report on any XSS/CSRF/etc issues. Is there any tool to do this? Thanks. -- Regards, T.Shrinivasan My Life with GNU/Linux : http://goinggnu.wordpress.com Free E-Magazine on Free Open Source Software in Tamil : http://kaniyam.com Get Free Tamil Ebooks for Android, iOS, Kindle, Computer : http://FreeTamilEbooks.com ___ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set